This post shows how to disable Event Logs in Windows 11/10. You can disable a single event log or multiple logs. Event Logs are crucial for diagnostics and necessary for troubleshooting, and they are enabled by default.
Is it safe to disable Windows Event Log?
Disabling Event logs is safe, and it does not affect any programs. These logs are meant for diagnostic purposes, and if you have no use for them, you may disable them. Disabling this feature will impact the ability to log system events.
How to disable Windows Event Log?
You have four methods that you can follow to disable Event Logs in Windows 11/10:
- Disable the Windows Event Log Service
- Turn off the Event log using System Configuration
- Disable individual logs using the Event Viewer
- Using Event Properties and Registry Editor.
1] Disable the Windows Event Log Service
Using Services Manager
The first thing you can try is to disable the Windows Event Log service.
For this, open the Services Manager, and on the right side, under the Name column, look for the Windows Event Log service. Right-click on it and select Properties. Now, in the Properties window, under the General tab, change the Startup type field to Disabled. Next, under Service status, click on Stop. Press Apply and OK to apply the changes. This will disable the entire Windows event logging process.
Using Registry Editor
Alternatively, you can disable the Windows Event Log Service using the Registry Editor as follows:
Open regedit and navigate to the below path in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
Now, go to the right and double-click on the Start DWORD value to open the Edit window.
- Here, set the Value data to 4 to change the Startup type to Disabled.
- To change it back to Automatic/Automatic (Delayed Start), set it to 2, and for Manual, set it to 3.
Using the Command Prompt
Some users may be more comfortable enabling or disabling the Event Log through the Command Prompt, so here is that method. Open Command Prompt with administrator rights, type the below command, and hit Enter:
sc config eventlog start= disabled
To enable the Event Log back again, type in the below command and hit Enter:
sc config eventlog start= auto
You can also disable an individual setting or audit category. For this, run the below command and hit Enter:
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
Once you see the success message, fewer events will be logged in the future.
Alternatively, you can run the below command to disable the Event Log service by editing the registry from the command line:
REG add "HKLM\SYSTEM\CurrentControlSet\services\eventlog" /v Start /t REG_DWORD /d 4 /f
This will change the Startup type of the Windows Event Log service to Disabled. Restart your PC for the changes to be effective.
2] Turn off the Event log using System Configuration
Another way to disable Windows Event logging is through System Configuration. To do this, press Win + R to launch the Run console, type msconfig, and press Enter. In the System Configuration window, open the Services tab and uncheck Windows Event Log. Press Apply and OK. Restart your PC to apply the changes.
3] Disable individual logs using the Event Viewer
You can turn off Windows Event logging for individual logs through the Event Viewer.
Go to the Windows search bar, type Event Viewer, and click on the result to open it. Expand Applications and Services Logs > Microsoft > Windows > WFP. Here, check each IKE to find the specific Event Log. Once you find it, select it and click on Disable Log.
4] Using Event Properties and Registry Editor
You can also disable Windows Event logging directly through the Registry Editor. However, before you make any changes to the registry settings, make sure that you create a backup of the data to recover any data lost accidentally.
For this, open Event Viewer, expand Windows Logs on the left, and select the event category, for example Application, Security, Setup, System or Forwarded Events.
Next, on the right, right-click on the Event Log you want to disable and select Event Properties.
In the Event Properties window, go to the Details tab, and select XML View. Here, note down the GUID.
Now, open the Registry Editor, and navigate to the below path based on the Event Log category:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application
Here, look for the GUID. If you find it, double-click on the Enabled DWORD value on the right and set it to 0.
Repeat the same with the EnableProperty DWORD value as well to disable the Windows Event Log.
Once done, exit the Registry Editor and restart your PC to apply the changes.
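To confirm which of the settings from methods 1, 3 and 4 are currently in effect on a machine, the following read-only PowerShell check reports them in one pass. It is an added example, not part of the original article; the function names are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example (not from the original article). Read-only: it changes nothing.
# Function names are hypothetical. Run from an elevated PowerShell session.

function Get-EventLogServiceState {
    # Start DWORD from method 1: 2 = Automatic, 3 = Manual, 4 = Disabled
    $names = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    $start = [int](Get-ItemProperty -Path $key -Name Start).Start
    $type  = 'Other'
    if ($names.ContainsKey($start)) { $type = $names[$start] }
    [pscustomobject]@{
        StartValue  = $start
        StartupType = $type
        Status      = (Get-Service -Name EventLog).Status
    }
}

function Get-DisabledAutologgerProvider {
    # Method 4: provider GUID subkeys whose Enabled DWORD has been set to 0
    foreach ($session in 'EventLog-System', 'EventLog-Security', 'EventLog-Application') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\$session"
        if (-not (Test-Path $base)) { continue }
        foreach ($sub in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if ($null -ne $p.Enabled -and $p.Enabled -eq 0) {
                [pscustomobject]@{
                    Session        = $session
                    ProviderGuid   = $sub.PSChildName
                    Enabled        = $p.Enabled
                    EnableProperty = $p.EnableProperty
                }
            }
        }
    }
}

function Get-DisabledEventChannel {
    # Method 3: logs turned off with "Disable Log" report IsEnabled = False.
    # Many analytic and debug channels are off by default, so compare the
    # result with a known-good machine rather than reading it in isolation.
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { -not $_.IsEnabled } |
        Select-Object LogName, LogMode, RecordCount
}

Get-EventLogServiceState        | Format-List
Get-DisabledAutologgerProvider  | Format-Table -AutoSize
Get-DisabledEventChannel        | Sort-Object LogName | Format-Table -AutoSize
```

A StartValue of 4 or any row in the second table means one of the changes described above is active and the affected events will not be recorded until it is reverted.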
What is the event code for Windows Log-off?
There are different varieties of event codes based on the Windows version in use and the specific Windows event log you are referring to. Usually, the log-off events are found under the Security section of the Windows Logs in the Event Viewer. For example, if you see the Event ID 4624 in the Security Log, it indicates the Logon event. Likewise, an Event ID 4647 means user-initiated Logoff, and 4634 is generated when a session no longer exists as it was terminated.
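The three Event IDs above can be tied together into sessions by matching the Logon ID that each record carries. The following PowerShell is an added example, not part of the original article: the function name and the sample records are constructed for illustration, and on a live system the LogonId and User fields would come from the TargetLogonId and TargetUserName data of the Security log records.

```powershell
# Added example: pair logon (4624) with logoff (4647 / 4634) by Logon ID.
# Get-LogonSession is a hypothetical helper; the records below are constructed.

function Get-LogonSession {
    param([Parameter(Mandatory)] [object[]] $Events)
    $open = @{}                                   # LogonId -> pending 4624 record
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        switch ($e.Id) {
            4624 { $open[$e.LogonId] = $e }
            { $_ -in 4647, 4634 } {
                $start = $open[$e.LogonId]
                if ($start) {
                    # The first logoff record closes the session; a 4634 that
                    # follows a 4647 for the same Logon ID is ignored.
                    [pscustomobject]@{
                        User     = $start.User
                        LogonId  = $e.LogonId
                        Start    = $start.TimeCreated
                        End      = $e.TimeCreated
                        ClosedBy = $e.Id
                        Duration = $e.TimeCreated - $start.TimeCreated
                    }
                    $open.Remove($e.LogonId)
                }
            }
        }
    }
    foreach ($s in $open.Values) {                # logons with no logoff record
        [pscustomobject]@{
            User = $s.User; LogonId = $s.LogonId; Start = $s.TimeCreated
            End = $null; ClosedBy = $null; Duration = $null
        }
    }
}

# Constructed sample records (not real log data)
$sample = @(
    [pscustomobject]@{ Id = 4624; TimeCreated = [datetime]'2024-05-01T08:00:00'; LogonId = '0x3e9a1'; User = 'alice' }
    [pscustomobject]@{ Id = 4624; TimeCreated = [datetime]'2024-05-01T09:00:00'; LogonId = '0x51c20'; User = 'bob' }
    [pscustomobject]@{ Id = 4634; TimeCreated = [datetime]'2024-05-01T09:30:00'; LogonId = '0x51c20'; User = 'bob' }
    [pscustomobject]@{ Id = 4624; TimeCreated = [datetime]'2024-05-01T10:00:00'; LogonId = '0x7aa04'; User = 'carol' }
    [pscustomobject]@{ Id = 4647; TimeCreated = [datetime]'2024-05-01T17:00:00'; LogonId = '0x3e9a1'; User = 'alice' }
    [pscustomobject]@{ Id = 4634; TimeCreated = [datetime]'2024-05-01T17:00:02'; LogonId = '0x3e9a1'; User = 'alice' }
)

Get-LogonSession -Events $sample | Format-Table -AutoSize
```

With the sample data, alice's session is closed by 4647, bob's by 4634, and carol's is listed with an empty End because no logoff record exists for it.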
TIP: To view the Event Logs in detail, you can use the free tool called Full Event Log View.
How do I archive Windows Event Logs?
Archiving event logs can be of great help later, for example, for troubleshooting and auditing purposes. So, to archive the Windows event logs, launch Event Viewer, expand Windows Logs, and select Application. Now, right-click on Application and choose Save All Events As from the context menu. Next, in the Save As window, create a File name and select the desired location where you want to save the archived logs.